package cn.itcast.shiro.authorization;

import java.util.Arrays;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.junit.Test;

/**
 * 授权测试
 * @author Administrator
 *
 */
public class AythorizationTest {

	@Test
	public void testAythorization(){
		// 创建securityManager工厂，通过ini配置文件创建securityManager工厂
		Factory<SecurityManager> factory = new IniSecurityManagerFactory(
				"classpath:shiro-permission.ini");

		// 创建SecurityManager
		SecurityManager securityManager = factory.getInstance();

		// 将securityManager设置当前的运行环境中
		SecurityUtils.setSecurityManager(securityManager);

		// 从SecurityUtils里边创建一个subject
		Subject subject = SecurityUtils.getSubject();
		
		// 在认证提交前准备token（令牌）
				// 这里的账号和密码 将来是由用户输入进去
				UsernamePasswordToken token = new UsernamePasswordToken("zhangsan",
						"123");

				try {
					// 执行认证提交
					subject.login(token);
				} catch (AuthenticationException e) {
					// TODO Auto-generated catch block
					e.printStackTrace();
				}
		System.out.println("认证状态：="+subject.isAuthenticated());
		//认证后进行授权
		
		//基于角色的授权，一般不用
		//传入角色标识符
		boolean ishasRole = subject.hasRole("role1");
		System.out.println(ishasRole);
		
		//多个角色的授权
		boolean ishasRoles = subject.hasAllRoles(Arrays.asList("role1","role2"));
		System.out.println(ishasRoles);
		
		/*//使用check进行授权，若授权不通过则抛出异常
		subject.checkRole("role21");
		*/
		
		
		
		//基于资源的授权
		//isPermitted传入权限标识符
		
		boolean isPermitted = subject.isPermitted("user:create");
		//单个权限判断
		System.out.println(isPermitted);
		//多个权限判断
		boolean isPermittedAll = subject.isPermittedAll("user:create:1","user:delete");
		System.out.println("判断多个权限="+isPermittedAll);
		
		/*//使用check进行授权，若授权不通过则抛出异常
		subject.checkPermission("usetee:create");*/
		

		
	}
	
	//自定义realm进行资源授权
	@Test
	public void testAythorizationCustormRealm(){
		// 创建securityManager工厂，通过ini配置文件创建securityManager工厂
		Factory<SecurityManager> factory = new IniSecurityManagerFactory(
				"classpath:shiro-realm.ini");

		// 创建SecurityManager
		SecurityManager securityManager = factory.getInstance();

		// 将securityManager设置当前的运行环境中
		SecurityUtils.setSecurityManager(securityManager);

		// 从SecurityUtils里边创建一个subject
		Subject subject = SecurityUtils.getSubject();
		
		// 在认证提交前准备token（令牌）
				// 这里的账号和密码 将来是由用户输入进去
				UsernamePasswordToken token = new UsernamePasswordToken("zhangsan",
						"111111");

				try {
					// 执行认证提交
					subject.login(token);
				} catch (AuthenticationException e) {
					// TODO Auto-generated catch block
					e.printStackTrace();
				}
		System.out.println("认证状态：="+subject.isAuthenticated());
		//认证后进行授权
		

		//基于资源的授权,调用isPermitted方法会调用CustomReal从数据库查询正确权限数据
		//isPermitted传入权限标识符，判断user:create:1是否在CustomReal查询到权限数据之内
		boolean isPermitted = subject.isPermitted("user:create");
		//单个权限判断
		System.out.println(isPermitted);
		//多个权限判断
		boolean isPermittedAll = subject.isPermittedAll("user:create:1","user:delete");
		System.out.println("判断多个权限="+isPermittedAll);
		
		//使用check进行授权，若授权不通过则抛出异常
		subject.checkPermission("items:create:1");
		

		
	}
}
